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COMPUTERIZED PAYMENT SYSTEM 
FOR PURCHASING GOODS AND SERVICES 
ON THE INTERNET 



r.ATEP APPLICATION 
This application is related to copending 
application Serial No. 08/308,101, filed September 16, 
1994, the entire disclosure of which is hereby 
incorporated by reference herein. 

BACKGROUND OF THE INVENTION 

The present invention relates to a system for 
enabling payment for goods and services over a guasi- 
public network, and more particularly, the present 
invention relates to a payment system that can be used to 
enable an Internet user to initiate a payment to another 
internet user for goods or services over the Internet. 

The Internet has emerged as a large community 
of electronically-connected users located around the 
world who readily and regularly exchange significant 
amounts of information. The Internet continues tc serve 
its original purposes of providing for access and 
exchange of information among government agencies, 
laboratories, and universities for research and 
education. In addition, the Internet has evolved to 
serve a variety of interests and forums that extend 
beyond its original goals. 

The Internet has been considered as a potential 
new marketplace for various types of products, including 
goods and services. Using the Internet as a marketplace 
has many advantages. Although the Internet presently has 
the capability to serve as a marketplace for goods and 
services, use of the Internet for this purpose has been 
slow to develop. One reason for this lack of development 
is that it is difficult to pay for goods or services 
using the Internet. An Internet user cannot send cash or 
a check via the Internet. Sending a check via physical 
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1 delivery services is slow and sending a credit card 

2 number over the Internet poses security problems. 

3 In the aforementioned patent application, 

4 Serial No. OB/308,101, there was disclosed a payment 

5 system that enabled payment on a quasi-public system, 

6 such as the Internet. The payment system described in 

7 the referenced application is useful for enabling payment 

8 for a variety of products and services, especially for 

9 information products that can be delivered electronically 

10 over the network without physical packaging. Information 

11 products include software, stories, cartoons, recipes, 

12 etc. 

13 The aforementioned payment system has proven 

14 successful. However, there continues to be a need for a 

15 payment system for users of the Internet who have 

16 products to vend. Such products include goods and 

17 services that could be as diverse as clothing, computer 
is hardware, technical support and advice, groceries, 

19 educational courses and training, etc. These types of 

20 goods and services are not necessarily capable of being 

21 transmitted electronically over the network. Such 

22 products may also include information products, as 

23 described above. Since the Internet provides a medium 

24 for users who have all these types of products to sell to 

25 reach users who have an interest in purchasing these 

26 types of products, it would be advantageous if a system 

27 were available for willing users to enter into 

28 transactions with other users for the purchase of these 

29 goods and services. 

30 Accordingly, there is a need for a system that 

31 enables users of the internet to enter into commercial 

32 transactions for goods and services. 

33 SUMMARY OF THE INVENTION 

34 According to a first embodiment of the present 

35 invention, there are provided a method and payment system 

36 for use on a quasi-public network, such as the Internet, 



1 to enable users of the network to conduct commercial 

2 transactions involving a payment of funds by one user to 

3 another user of the network. The embodiment includes 

4 operation of a computer system for sending and receiving 
s messages from users over the network. Upon receiving a 

6 message over the network from a qualified user-seller, a 

7 message is sent over the network to the user-buyer that 

8 was identified in the message from the user-seller. The 

9 message to the user-buyer requests confirmation of a 

10 transaction identified in the message received from the 

11 user-seller. Upon receiving a confirmation over the 

12 network from the user-buyer, payment information is sent 

13 by secure channels off the network to an agent of the 

14 user-seller. Upon receipt of an authorization code from 

15 the seller's agent, the authorization code is 

16 cryptograph ically signed and sent to the user-seller over 
n the network. 

18 BRIEF DESCRIPTION OF THE D RAWINGS 

19 Figure l is a block diagram illustrating a 

20 payment system according to a first embodiment of the 

21 present invention. 

2 2 Figure 2 is a block diagram of a hardware 

23 configuration for the payment system of Figure 1. 

24 Figure 3 is a block diagram of the program 

25 arrangement of the payment system of Figure 1. 

z6 Figure 4A is a diagram of the data fields for a 

27 buyer's cardholder account for use with the payment 

28 system of Figure 1. 

29 Figure 4B is a diagram of the data fields for a 

30 seller's account for use with the payment system of 

32 Figure 5 is a flow chart showing message flow 

33 for an payment request using the payment system of 

34 Figure 1. 

35 Figures 6A-6F are diagrams of data messages 

36 used in connection with the payment system of Figure 1. 
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Figure 7 is a flow chart showing the message 
flow for an payment query and a payment response using 
the payment system of Figure l. 

Figure 8 is a flow chart showing the message 
flow using the payment system of Figure 1 for 
communication with the seller's agent. 

Figure 9 is a flow chart showing the message 
flow for sending an encrypted authorization code to the 
seller using the payment system of Figure 1. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Figure 1 shows a block diagram of a first 
embodiment of the present invention for a payment 
system 10. The payment system 10 is shown in relation to 
the Internet network 12. The internet network 12 is a 
large, quasi-public network having many users 14. The 
Internet network 12 is of a type that the users 14 can 
access by various means such as dedicated communication 
links or conventional commercial telephone systems. The 
Internet network 12 provides numerous services for its 
users such as e-mail, FTP, and the World Wide Web (WWW). 
Although the payment system 10 is specifically useful for 
the Internet, it may be used in conjunction with other 
having a plurality of users that can communicate with 
each other by e-mail. 

In the embodiment of Figure 1, one of the users 
14 (designated as a buyer 20) wishes to acquire goods or 
services 26 from another of the users (designated as a 
seller 28) . The seller 28 nay be any user with a product 
or service to vend. The goods or services may include 
anything that can be sold for value, such as clothing, 
appliances, computers, automobiles, technical advice, 
consulting, and so on. The goods or services may also 
include information products that can be transferred 
electronically over a network, such as the Internet. 
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The seller 28 wishes to sell goods or services 
26 to the buyer 20 at a price. The price may be an 
advertised price (e.g. advertised over the Internet, on a 
bulletin board, or other media) , or may be a negotiated 
price (e.g. negotiated via message or e-mail exchange 
over the Internet) . Although the example of Figure 1 
describes one seller 28 and one buyer 20, the payment 
system 10 is understood to extend to include multiple 
buyers of one seller, multiple sellers to one buyer, and 
multiple sellers and multiple buyers. Also, a buyer or a 
seller may be an individual, a company, or an 
institution. 

Also shown in Figure 1 is a financial 
transaction settlement system 30. The financial 
transaction settlement system 30 represents presently- 
available commercial institutions that process credit and 
other financial transactions. For example, the financial 
transaction settlement system 30 may represent 
commercially available credit card processing 
institutions (e.g. Visa, Master Card, Discover, and so 
on) . The financial transaction settlement system 30 
includes two components: an issuer 3 2 and an acquirer 34. 
The issuer 32 includes banks, or other institutions, that 
issue credit cards to persons, send statements and bills 
to credit card holders on a regular basis, and collect 
payment from the credit card holders . These functions 
are not performed on the Internet but use conventional 
mail delivery, authorized direct withdrawals from bank 



The payment system 10 of the present embodiment 
utilizes these commercially available issuers 32 to bill 
users and to collect payment from users for their 
transactions on the Internet 12 using the payment system 
10. For example, a user's transactions that are 
initiated using the payment system 10 would show up on 
the user's credit card statement as a charge from the 
seller 28. 
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1 As mentioned above, the financial transaction 

2 settlement system 3 0 also includes the acquirer component 

3 34. This acquirer component 34 includes banks or other 

4 institutions that provide merchant accounts for entities 
s that want to receive payment for the sale of goods or 

6 services. These merchant accounts are similar or 

7 identical to the conventional merchant accounts that are 

8 provided to businesses. As mentioned below, the acquirer 

9 34 processes the user charges received from the payment 

10 system 10 and passes this information to the issuer 

11 component 32 for the preparation and sending of monthly 

12 statements and bills to users and collecting payment from 

14 The payment system 10 includes two distinct 

15 parts or systems: an above-the-line system 40 and a 

16 below-the-line system 42. The above-the-line system 40 

17 and the below-the-line system 42 are separated by a 

18 "line" or "firewall" 44. The line 44 isolates the above- 

19 the-line system 40 from the below-the-line system 42. 

20 The line 44 permits limited communication between the 

21 above-the-line system 40 and the below-the-line system 42 

22 but prevents unauthorized access to the below-the-line 

23 system 42 through the above-the-line system 40. The line 

24 44 provides security for the information contained on the 

25 below-the-line system 42 and prevents hackers on the 

26 Internet from entering the below-the-line system 42 via 

27 the above-the-line system 40. 

28 Figure 2 is a block diagram illustrating one 

29 possible configuration of hardware components used to 

30 implement the payment system 10 of Figure 1. The above- 

31 the-line system 40 includes an above-the-line (or "front 

32 end") computer 50 and the below-the-line system 42 

33 includes a below-the-line (or "back end") computer 52. 

34 The above-the-line computer 50 and the below-the-line 

35 computer si are connected together via a private network 

36 53. In a preferred embodiment, the private network is an 

37 Ethernet network. The above-the-line computer 50 
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includes an above-the-line system board 54 associated 
with an above-the-line memory 56, a storage device 58 
such as a fixed disk drive, a back up tape drive 60, a 
removable media drive 62, a monitor 64, and a power 
supply 66. The above-the-line computer 50 is connected 
to the internet 12 by means of a leased Tl line 69. 

The below-the-line computer 52 includes a 
below-the-line computer system board 68 associated with a 
below-the-line computer memory 70, a below-the-line 
computer storage device 72 such as a fixed disk drive, a 
back up tape drive 74, a removable media drive 76, a 
monitor 78, and a power supply 80. The below-the-line 
computer 52 is connected to the above-the-line computer 
50 by means of Ethernet cable. The below-the-line 
computer 52 also has a Novell LAN 81 that provides a 
secure communication link apart from the Internet. 

Both the above-the-line computer 50 and the 
below-the-line computer 52 in this embodiment are 
preferably commercially available Sun Microsystems SS1000 
computers. Preferably, both the above-the-line computer 
50 and the below-the-line computer 52 are equipped with 
64 MB memory. As mentioned above, the dedicated private 
network is an Ethernet and includes a SBus host adaptor. 
The communication server is a Sun Microsystems 
SPARCserver 1000. Both the above-the-line monitor 64 and 
the below-the-line monitor 78 are commercially available 
Sun 17 inch monitors. The above-the-line and below-the- 
line tape drives are Python 5GB tape drives using 4mm 
tape available from Sony, Inc. The above-the-line disk 
drive 58 and the below-the-line disk drive 72 



ially available Seagate 



L.7GB disk drives. The 



host adaptor is a Sun Microsystems SBus host adaptor. 
The network server is a commercially available Sun 
Microsystems SSarray 101. The above-the-line and below- 
the-line computers 50 and 52 may be similar or identical 
to the front end and back end computers that are 
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described in the aforementioned related patent 
application Ser. No. 08/308,101. 

Referring to Figure 3, the above-the- line 
computer 50 runs an above-the-line program 90. The 
above-the-line program 90 is a software program that 
provides for communication with users 14 on the Internet 
12. Specifically, the above-the-line program 90 includes 
modules that can be accessed and used by Internet users 
who are buyers 20 and Internet users who are sellers 28. 

The below-the-line computer 52 runs a below- 
the-line program 92. The above-the-line program 90 
communicates with the below-the-line program 92 via the 
private network 53. Thus, the above-the-line program 90 
is physically separate and isolated from the below-the- 
line program 92. The below-the-line program 92 receives 
information from and sends information to the above-the- 
line program 90 by means of batch processing. This 
comprises, in part, the firewall or line 44 and results 
in an inherently safe method of communicating between the 
publicly accessible part of the payment system, i.e. the 
above-the-line system 40, and the secure part of the 
payment system, i.e. the below-the-line system 42. 

To access the above-the-line program 90 over 
the internet, users 14 who are buyers may use a user 
interface software program 118 that can be run on their 
own computers for interactive access, or alternatively, 
users 14 may access the payment system 90 via 
conventional e-mail programs, for store-and-forward 
access. Similarly, users who are sellers 28 may access 
the above-the-line program 90 over the Internet, by 
running an interface software program 119 on their own 
computers for interactive access, or alternatively, may 
access the payment system 10 via conventional e-mail 
program. Programs 90, 118, and 119 may be written in any 
suitable programming language, such as Tel or c. The 
software modules are capable of being used with the UNIX 
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operating system, DOS, and may be ported to various other 
operating systems. 

H. FSTABLISHIHB BUYERS AND SKU.ER S ACCOUNTS 

In order for a user of the Internet to use the 
payment system 10 for transactions as a buyer, the user 
obtains a subscriber (or cardholder) account 100 with the 
payment system 10. The buyer's cardholder account may be 
similar or identical to the cardholder account described 
in the related patent application. In order for a user 
of the internet to use the payment system 10 for 
transactions as a seller, the user obtains a seller's 
account 200 with the payment system 10. Each user may 
arrange with the payment system 10 individually to set up 
appropriate accounts, or alternatively, a bank may make 
arrangements with the payment system 10 to provide 
appropriate accounts to a large number of the bank's 
customers, such as its credit card customers, as a 
enhancement or a promotion. The characteristics of the 
buyer's and seller's accounts are set forth as follows: 

A. The buyers' accounts 

Referring to Figure 4A, there is depicted a 
representation of the data in a buyer's cardholder 
account 100. The buyer's cardholder account 100 includes 
the following information: a cardnuraber 102, the 
cardholder's name 103, the cardholder's Internet e-mail 
address 104, a state 106, and a pay-in selection 108. 
These items are explained below. In addition, the 
cardholder account 100 may include additional 
information, such as a pay-out selection and a currency 
preference 112, as disclosed in the aforementioned patent 
application. 

The cardnuraber 102 uniquely identifies the 
cardholder account 100. The cardnumber 102 is an 
alphanumeric string that is easily typed and read by 
a human. Also, the cardnuraber 102 is relatively hard to 



WO 97/1 6897 PCT/US96/1 7556 

10 

1 guess and bears no deducible relationship to any 

2 financial artifact, such as a credit cardnumber, 

3 a checking account number, nor to any e-mail address. 

4 The cardholder's name 103 is the cardholder's 

5 actual name, business name, or an alias. 

6 The cardholder Internet e-mail address 104 is 

7 the e-mail address of the cardholder that is unique for 

8 each user of the Internet. 

9 The state 106 is one of "active", "suspended", 
10 or "invalid." 

H The pay-in selection 108 is how the cardholder 

12 transfers funds, i.e. makes payment, for use with the 

13 payment system 10. Typically, this may be done by using 

14 a conventional authorization to charge a credit card. 

15 The pay-in selection is not encoded in nor directly 

16 derivable from the cardnumber. 

17 Users of the Internet who wish to use the 

18 payment system 10 for the purchase of goods or services 

19 over the Internet may obtain cardholder or subscriber 

20 accounts as described in the aforementioned patent 

21 application, or by making an application to First Virtual 

22 at its web site. 



23 B. The sellers' accounts 

24 Users of the Internet who wish to use the 

25 payment system 10 as sellers need to be qualified. 

26 Sellers are qualified by establishing a relationship with 

27 an acquiring bank 34 that underwrites the seller 28 for 

28 credit worthiness and that provides the seller 28 with a 

29 merchant account. As shown in Figure 1, an acquiring 

30 bank 34 is part of the settlement system 30. 

31 Establishing a merchant account enables the seller 28 to 

32 act as a merchant and accept credit cards (or credit card 

33 numbers) for payment for goods and services. 

34 Referring to Figure 1, when a user becomes 

35 qualified as a seller, the user also establishes a 

36 relationship with a seller's agent 115. The seller's 
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agent 115 is a bank card processor that 
the credit card bureaus 117 such as Visa, Master Card, 
etc., that are part of the settlement system 30 The 
seller's agent 115 performs the functions of credit card 
authorizations and chargebacks. Companies that are now 
performing these services include EDS and FDR. For 
example, in a conventional credit card transaction at an 
retail outlet, after a customer presents a credit card 
for payment, the clerk passes the card through a card 
reader that makes a call to a bank card processing 
company for authorization. The call from the card reader 
identifies the card number and the amount of sale. If 



the credit card i 



s withir 



credit limits of the card, the seller's agent : 
responds with an authorization code. In t 
the present embodiment of the payment system, it is 
intended that sellers' agents 115 will perform similar 
functions as they do now with respect to conventional 
credit card transactions. There may be many seller's 
agents associated with different sellers, or many of the 
sellers may use the same agent. In an alternative 
embodiment, the payment system 10 may perform the 
function of seller's agent. 

As mentioned above, a user of the Internet who 
wishes to use the payment system 10 to obtain payment for 
transactions as a seller of goods or services obtains a 
seller's account 200 with the payment system 10. 
Referring to Figure 4B. the seller's account 200 includes 
the following data: a seller's account cardnuinber 202, 
the seller's name 203, the seller's internet e-mail 
address 204, and a state 206. These data are similar to 
the data in the buyer's cardholder account 100. The 
seller's account 200 includes at least one additional 
item of data that is not included in the buyer's 
cardholder account, that is, the seller's account 200 
includes a seller's agent number 219. In addition, the 
seller's account may include other information. 
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Referring again to Figure 3, the buyer 
cardholder account and seller account information is 
distributed in the payment system 10. Only a portion of 
the buyer cardholder account and seller account 
information resides in the above-the-line system 40 where 
it is accessible by the above-the-line program 90. 
However, full copies of all the buyers' cardholder and 
sellers' account information reside on the below-the-line 
system 42 where it is accessible by the below-the-line 
program 92. Specifically, the parts of the subscriber 
and seller account information that reside on the above- 
the-line computer 50 are located in one or more data 
files 91 stored on the above-the-line computer storage 
device 58. The subscriber and seller account information 
that resides on the below-the-line computer 52 is located 
in one or more data files 114 stored on the below-the- 
line computer storage device 72. The above-the-line 
program 90 operates with the database file 91 that is 
stored on the above-the-line storage 58 and the below- 
the-line program 92 operates with the database file 114 
located on the below-the-line storage 72. 

The items of information in the buyer 
cardholder account located in the file 91 on the above- 
the-line computer 50 include the subscriber account 
number 102, the cardholder's name 103, the Internet 
e-mail address information 104, and the state 106. 
However, the above-the-line computer 50 does not contain 
any of the pay- in 108 information, such as credit card 
information, etc., associated with the buyer-subscriber. 
Credit card or other payment information is located only 
in the data file 114 located on the storage device 72 of 
the below-the-line system 42. Similarly, the items of 
information in the seller's account 200 located on the 
above-the-line system 4 0 include the seller's account 
number 202, the seller's name 203, the seller's internet 
e-mail address information 204, and the state 206 of the 
seller's account. However, the above-the-line system 40 



does not contain the seller's agent number 219. This 
information is located only in the data file 114 on the 
storage device 72 of below-the-line computer 52. 

HI. METHODS OF OPERATION OF THE PAYMENT SYSTEM 

As mentioned above, the payment system 10 
provides users of the Internet with a means for 
initiating a payment transaction, and in particular, a 
means for payment for goods or services. 

It is assumed for purposes of the operation of 
the embodiment described herein that the Internet user 
who wants to make a payment has already established a 
buyer's cardholder account with the payment system, as 
described above. Further, it is assumed that the 
internet user who wants to receive payments has 
established a seller's account with the payment system, 
as described above. 

Referring to Figure 5, an Internet user (i.e. 
the buyer 20) becomes aware of goods or services that the 
seller 28 has to vend. This may occur in many different 
ways. For example, the buyer 20 may be searching on the 
Internet for a seller of the particular product or 
service. Alternatively, the buyer 20 may be "browsing" 
and happen upon the seller's page. Also, the seller 28 
may send messages to a class of Internet users to inform 
them of the goods or services that it has to sell. The 
buyer 20 may be aware of the seller 28 via advertising, 
on the internet or other media, through others, from a 
bulletin board, from a product warehouse on the Internet, 
or any other means. 

The buyer 20 becomes interested in the goods or 
services that the seller 28 has to vend and then the 
buyer 20 may contact the seller 28 by sending a message 
to the seller's Internet address or by an interactive 
protocol, e.g. the World Wide Web, FTP, etc. The means 
to contact the seller, e.g. the seller's e-mail address 
or Web site address, may be included in advertising, etc. 
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The buyer 20 and the seller 28 may partake in an exchange 
of messages 107 over the Internet before the buyer 2 0 
decides to purchase the goods or services from the seller 
28. For example, the buyer 20 may send massages to the 
seller 28 to inquire about product availability, 
specifications, options, support, etc. The seller 28 may 
respond with appropriate messages over the Internet in 
reply to the buyer's inquiries. Also, the buyer and 
seller may exchange messages to negotiate a price for the 
goods or services. In addition, if the goods or services 
that the seller wants to sell are of a type that require 
a physical delivery, the buyer and seller may make 
appropriate arrangements for such delivery by message 
exchange over the Internet. 

When the buyer 20 decides to buy the goods or 
services, the buyer 20 informs the seller 28 of the 
buyer's cardnumber 102 by providing an appropriate 
message 128 over the Internet 12 . The information 
included in the buyer's message 128 is represented in 
Figure 6A. The message 128 may take the form of an 
e-mail message over the Internet 12 that includes the 
buyer's cardnumber, or alternatively, the buyer 20 may 
inform the seller of its cardnumber 102 by means of 
interactive protocols, or by including the cardnumber in 
a username in a file transferred from the buyer 20 to the 
seller 28 using the Internet 12, or by other means. 

Referring again to Figure 5, upon receiving the 
buyer's message 12B that includes the buyer's cardnumber 
102, the seller 28 sends an payment-request message 129 
to the payment system 10 via the Internet 12. 
Specifically, the seller 28 sends the payment-request 
message 129 to the above-the-line program 90 on the 
above-the-line system 40. The payment -request message 
129 may be sent by either e-mail or by using an 
interactive protocol on the Internet 12 . 

Referring to Figure 6B, the payment-request 
message 129 contains the following information: the 
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buyer's cardnumber 102, the seller's cardnumber 202, a 
textual description 232 of the transaction, an amount 
234, a merchant's transaction-identifier 236, and any 
physical delivery 237 information for the purchase. 

After receiving the payment -request message 
129, the above-the-line program 90 ascertains whether the 
payment-request message 129 is from a qualified seller 
28. This is performed by the above-the-line program 90 
by checking the database file 91 on the above-the-line 
system 40. Upon confirmation that the payment -request 
message 129 is from a qualified seller, the payment 
system 10 generates a message to ask the buyer 2 0 whether 
the buyer 20 wishes to authorize payment for the 
transaction to the seller 28. Specifically, as shown in 
Figure 7, the above-the-lihe program 9 0 generates 
an payment-query message 140 to be sent to the buyer 20 
over the Internet. 

As shown in Figure 6C, the payment-query 
message 140 contains the following data: a transaction- 
identifier 142, the buyer's name 103, the seller's name 
203, the textual description of the transaction 232, and 
an amount 235. The transaction-identifier 142 is a 
number or code uniquely-generated by the above-the-line 
program 90. Using the information contained in the 
payment-request message 129 from the seller 28, 
specifically the buyer's cardnumber 102 and the seller's 
cardnumber 202, the above-the-line program 90 looks up 
the buyer's name 103 and the seller's name 203. In the 
payment-query message 140, the buyer's name 103 and the 
seller's name 203 are used instead of the buyer's 
cardnumber 102 and the seller's cardnumber 102 in order 
to minimize transmission of the cardnumber information 
over the Internet thereby improving security of the 
system. The amount 235 sent to the buyer may differ from 
in the transaction amount 234 received from the seller to 
account for any currency exchange rates or service 
charges imposed by the payment system 10. 
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After generating the payment-query message 140, 
the above-the-line system 40 sends the payment-query 
message 140 to the buyer's e-mail address and waits for 
a response from the buyer 20. The payment -query message 
140 requests the buyer 20 to respond with one of three 
possible replies: "yes", "no", or "fraud." Thus, there 
are four possible alternatives that can occur in response 
to the payment-query message 14 0, taking into account the 
three permitted responses by the buyer and the 
possibility of no reply. 

1. No reply from Buyer 

If there is no reply from the buyer 2 0 to the 
payment-query message 140 after a period of time, the 
above-the-line system 40 will send the payment-query 
message 140 again, i.e. a second notice. The above-the- 
line system 40 may send the payment-query message 140 to 
the buyer 20 several times until a response from the 
buyer 20 is obtained. If more than a certain number of 
days elapses, or more than a certain number of payment- 
query messages 140 are outstanding to the buyer 20, and 
the above-the-line system 40 does not receive an 
appropriate response from the buyer 20, as indicated 
below, then the above-the-line system 40 causes the 
buyer's cardholder account 100 to become suspended. This 
is done by changing the buyer's cardholder state 106 from 
"active" to "suspended." The buyer's account 100 may be 
reinstated later if an appropriate response is received 
and/or the number of outstanding payment-query messages 
140 for the buyer 20 drops to less than a certain 
threshold. Upon reinstatement, the buyer's account 100 
is returned to an "active" state. Further, any 
outstanding payment-query messages 140 may be sent again 
some time later. 
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2. Buyer responds "no 

Referring to Figure 7, in response to the 
payment-query message 140, the buyer 20 may respond by 
sending a payment-response message 150 to the above-the- 
line system 40 via the Internet 12. As illustrated in 
Figure 6D, the payment-response message 150 contains the 
following data: the payment system generated 
transact ion- identifier 142 and an indication 152 of the 
buyer's willingness to allow transfer of funds. The 
willingness indication 152 is one of "yes", "no", or 
"fraud." 

The structure of the payment-query message 140 
facilitates preparation of the payment-response message 
150 by the buyer 20. In the payment-query message 140, 
the transaction-identifier 142 is placed in the "subject" 
of the payment-query message 140 and the e-mail address 
to which the buyer's payment-response message 150 should 
be sent (e.g. "response@card.com") is placed in the 
"sender's address" of the payment-query message 140. 
Many conventional e-mail programs in use on the Internet, 
including many older programs, have a feature that will 
automatically read the "subject" and "sender's address" 
of a received message and format a reply message directed 
to the sender's address with the same "subject" as the 
received message. If the buyer 20 uses this common 
feature to send his payment-response message 150 back to 
the payment system 10, the only information that the 
buyer 20 will have to add is the willingness indication 
152 which is only a one word or one letter reply, (i.e., 
"yes", "no", or "fraud", or »Y", »N", or »F") . 

If the buyer 20 replies "no" in the willingness 
indicator 152, the above-the-line system 40 sends a 
payment-result 160 to the seller 28 with a "no" 
indication 152. The format of a payment -result message 
160 is shown in Figure 6E. A payment-result message 160 
contains the following information: the transaction- 
identifier 142, the seller's name 203, the buyer's name 
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103, the textual description of the transaction 23 2, the 
amount 235, the negative indication 152 of the buyer's 
willingness to allow transfer of funds, and the seller's 
transaction-identifier 236 if present in the originating 
payment-request message 129. Optionally, the original 
transaction amount 234 may also be included. When a 
buyer declines to authorize payment, a service charge may 
be generated to the buyer 20 by the payment system. 

Information regarding the buyer's "no" reply in 
the payment-response 150 is delivered from the above-the- 
line program 90 to the bel,ow-the-line program 92 where a 
service charge may be added to a settlement queue for the 
buyer 20, as discussed in the related application. 
Further, if a "no" indication is received more than 
a certain number of times in a certain number of 
transactions over a certain time period, then the state 
106 of buyer's account 100 may become "suspended". This 
is to prevent a user from making a practice of ordering 
products without authorizing payment for them. If the 
buyer's account state 106 becomes suspended, this 
information is also transmitted by batch processing from 
the above-the-line program 90 to the below-the-line 
program 92 so that the cardholder account information on 
the below-the-line computer 52 conforms to that on the 
above-the-line computer 50 . 

3. Buyer responds "fraud" 

Referring again to Figure 7, if the buyer 20 
responds to the payment-query message 140 by sending a 
payment-response message 150 to the above-the-line 
computer 50 via the Internet 12 that indicates "fraud" in 
the willingness indication 152, the payment system 10 
changes the state 106 of the buyer's cardholder account 
100 to "invalid." A response of "fraud" indicates that 
the buyer 20 did not request the goods or services from 
the seller 28. The information that the buyer 20 
responded "fraud" to the willingness indication 152 is 
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1 transmitted by batch processing from the above-the-line 

2 program 90 to the below-the-line program 92 so that the 

3 cardholder account information on the below-the-line 

4 computer 52 conforms to that on the above-the-line 

5 computer 50. If the buyer 20 responds "fraud", an 

6 appropriate message is sent to seller 28. 



7 4. Buyer responds "yes" 

e If , in response to the payment-query message 

9 140, the buyer 20 responds by sending a payment-response 

10 message 150 to the above-the-line system 4 0 via the 

11 Internet 12 that indicates "yes" in the willingness 

12 indication 152, the above-the-line program 90 transfers 

13 the transaction information, by batch processing, to the 

14 below-the-line system 52. The information communicated 
is from the above-the-line system 50 to the below-the-line 

16 system 52 includes the buyer's cardnumber 102, the 

17 seller's cardnumber 202, a transaction number 142, the 

18 amount of the transaction 235, and any physical delivery 

19 information for the purchase. 

20 When the below-the-line system 52 receives the 

21 information from the above-the-line system 50, it 

22 associates the identified buyer's cardnumber 102 with the 

23 buyer's payment information. This information is stored 

24 in the data file 114 on the below-the-line storage 72. 

25 The below-the-line system 42 also associates the seller's 

26 account number 202 with the seller's agent number 219 

27 which is also stored on the below-the-line system storage 

28 72. 

29 Next, referring to Figure 8, the below-the-line 

30 system 42 communicates with the seller's agent 115 

31 associated with the seller's agent number 219. The 

32 communication 250 to the seller's agent 115 identifies 

33 the seller 203, the transaction amount 235, the buyer's 

34 payment information (such as the buyer's credit card 

35 number) , and any physical delivery information for the 

36 purchase. The communication 250 to the seller's agent 
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115 is performed off the internet on secure communication 
channels. The communication 250 requests whether the 
seller's agent 115 will authorize a charge of the 
indicated amount 235 to the buyer's credit card. 

If the seller's agent 115 indicates that it 
will approve the charge, it sends an authorization code 
260 to the below-the-line system 40. Upon receipt of the 
authorization code 250 , the below-the-line program 92 
generates a cryptographic signature for the authorization 
code 260. In a preferred embodiment, public key 
cryptography is used, such as programs available from 
RSA, or PGP. For purposes of security, it is very 
desirable to ensure the authenticity of the sender of the 
authorization code. Accordingly, public key cryptography 
is used to authenticate the sender's message (in this 
case, the message of the payment system 10) and is not 
necessarily used to prevent someone else from reading the 
authorization code. 

The signed authorization code 2 62 is batch 
processed across the line 44 from the below-the-line 
system 42 to the above-the-line system 40. Referring to 
Figure 9, upon receipt of the encrypted authorization 
code 262 from the below-the-line system 42, the above- 
the-line system 40 prepares and sends a payment- 
notification 264 to seller 28. The payment-notification 
264 may be a plain text e-mail message that includes the 
seller's transaction identifier 236 and the 
cryptographically signed authorization code 262. The 
information included in the payment-notification message 
264 is represented in Figure 6F. Upon receipt of the 
payment-notification 264, the seller 28 can authenticate 
the authorization code 260 using the public key of the 
payment system used by the encryption program on the 
below-the-line system 42. Upon verification of the 
authenticity of the message 264, the seller 28 can 
proceed to deliver the goods or services to the buyer 20 
using whatever arrangements had been previously made. 
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1 Further processing of the charges to the 

2 buyer's credit card account and credits to the seller's 

3 merchant account are conducted by the conventional 

4 settlement system 3 0 off the Internet using secure 

• s communications channels. This isolates the buyer-seller 

6 activity which occurs on the Internet from the financial 

7 and credit activity which occurs off the Internet. 

e If the seller's agent 115 accepts the buyer's 

9 card, the charge is processed in the conventional way in 

10 the credit card system 30 to post the charge to the 

11 buyer's credit card in the usual manner by sending the 

12 appropriate information to the buyer ' s credit card issuer 

13 32. The buyer's credit card issuer 32 sends the buyer 20 

14 a credit card bill, typically via the postal system. The 

15 credit card bill lists the charge 235 as an item on the 

16 user's credit card bill. The settlement system 30 also 

17 arranges to make a payment to the seller 28. This may be 

18 a transfer from the acquirer-bank 3 4 to the seller's bank 

19 for direct deposit to the seller's checking account. 

20 If the seller's agent 115 refuses to accept the 

21 buyer's credit card number, e.g. the credit card is lost, 

22 stolen, canceled, expired, or the transaction amount 

23 exceeds the card's limit, etc., the seller's agent does 

24 not send an authorization code back to the below-the-line 

25 system 42. Instead, the seller's agent may send a code 

26 indicating refusal of the buyer's card. This information 

27 is similarly batch processed to the above-the-line system 

28 42 and an appropriate message is sent to the seller 28 

29 indicating the lack of authorization. The seller 28 may 

30 then refuse to deliver the goods or services to the buyer 

31 20, or request another card number. 

32 The description previously set forth explains 

33 how the payment system can process a charge to the user 

34 using the conventional, commercially available credit 

35 card system. There may be various modifications of the 

36 previously described arrangement that may be utilized. 

37 For example, the issuer bank 32 may process a debit to a 
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1 bank account of the buyer 20 instead of sending a credit 

2 card bill. Alternately, the issuer bank 32 may send the 

3 buyer a bill (other than a credit card bill) for the 

4 accumulated charges. 

5 As mentioned above, the function of the 

6 seller's agent may be performed by the payment system 

7 instead of a separate entity. According to this 

8 alternative, instead of communicating the information 

9 about the transaction (i.e. the seller, the transaction 

10 amount, the buyer's credit card number, physical delivery 

11 information, etc.) to a separate party designated by the 

12 seller as its agent who in turn replies whether it will 

13 approve the transaction, the payment system can perform 

14 this function itself. If this function is performed by 

15 the payment system, it is performed either on the below- 

16 the-line system or on an another entirely separate, 

17 secure system. Like a separate seller's agent, the 

18 payment system would communicate with the appropriate 

19 credit card services to determine whether to authorize 

20 the transaction in the amount identified in the 

21 communication from the above-the-line system. The 

22 payment system would then perform the seller's agent's 

23 function of generating an authorization code. Then, as 

24 in the above-described embodiment having separate 

25 seller's agents, the payment system would generate a 

26 cryptographically-signed message including the 

27 authorization code, send the message to the above-the- 

28 line system, and send the cryptographically-signed 

29 message to the seller over the Internet. 



30 The payment system described above is 

31 particularly advantageous for use on networks that do not 

32 have a centralized management authority, such as the 

33 Internet. Other such systems include PIDOnet and 

34 UUCP/Usenet, although it is recognized that these systems 

35 are considered by some to part of or associated with the 

36 Internet. The payment system described above could also 
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be used on future versions, generations, etc., of the 
Internet. The payment system could also be used on 
centrally managed computer systems, such as America 
Online, Prodigy, etc. 

The payment system described above enables 
Internet users to initiate commercial transactions to buy 
and sell goods or services over a quasi-public network, 
such as the Internet, regardless of where the users are 
located or where the payment system is located. Either 
the buyer or the seller may be located in the U.S. or 
outside the U.S. Also, some or all of the payment system 
components, such as the above-the-line system or the 
below-the-line system, may be located either in the U.S. 
or outside the U.S. 

The foregoing detailed description should be 
regarded as illustrative rather than limiting and the 
appended claims including all equivalents are intended to 
define the scope of the invention. 
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1 WE CLAIM: 

2 1. A method for enabling a seller and a buyer 

3 communicating over a quasi-public network to initiate a 

4 commercial transaction involving a payment of funds by 

5 the buyer to the seller, said method comprising the steps 

6 of : 

7 receiving a message over the quasi-public network 
B from the seller, the seller's message identifying the 
9 buyer and a transaction; 

10 sending a message over the quasi-public network to 

11 the identified buyer, said message to the buyer 

12 identifying the transaction; 

13 receiving a message over the quasi-public network 

14 from the identified buyer, said buyer's message 

15 indicating acceptance or refusal of the transaction; 

16 if the buyer's message indicates approval of the 

17 transaction, communicating to an agent of the seller via 
la a secure communication channel information for permitting 

19 the buyer to pay for transaction; 

20 ' receiving an authorization. code from the seller's 

21 agent via said secure communication channels; and 

22 sending a cryptographically-signed message including 

23 the authorization code to the seller via the quasi-public 

24 network. 

25 2. The method of claim 1 further comprising the 

26 step of: 

27 connecting a computer system to the quasi-public 

28 network, said computer system having a means for sending 

29 and receiving messages. 

30 3 . The method of claim 1 in which the 

31 cryptographically-signed message utilizes public key 

32 cryptography. 



33 4. The method of claim 1 further comprising the 

34 steps of: 
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cryptographically-encoding the authorization code; 

attaching said cryptographically-encoded 
authorization code to the message to the seller. 

5. The method of claim 1 in which the message 
received over the quasi-public network from a qualified 
seller is an e-mail message. 

6. The method of claim 1 in which the message sent 
over the quasi-public network to the identified buyer is 
an e-mail message. 

7. The method of claim 1 in which the message 
received over the quasi-public network from the 
identified buyer is an e-mail message. 

8. The method of claim 1 in which the message sent 
over the quasi-public network to the seller is an e-mail 



9. The method of claim 1 in which the quasi-public 
message is the Internet. 

10. The method of claim 1 further comprising the 

qualifying users of the quasi-public network as 
sellers. 

11. The method of claim 1 further comprising the 

maintaining a database of account holders who are 
users of the quasi-public network. 

12. The method of claim 11 in which said database 
includes information regarding account holders who are 
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1 qualified as sellers and account holders who are not 

2 qualified as sellers. 

3 13. The method of claim 11 in which the database 

4 includes information indicating whether an account holder 
s is qualified as a seller. 

6 14 . The method of claim 1 further comprising the 

7 step of maintaining a first system and a second system, 

8 said first system comprising communication 

9 accessible to the guasi-public network, and 

10 said second system comprising communication 

11 accessible to sellers' agents who interface with a 

12 bankcard processing network, and further in which said 

13 method further comprises the step of: 

14 communicating information regarding the 

15 transaction from the first system to the second system, 

16 after approval by the buyer of the transaction. 

17 15. The method of claim l further comprising the 

18 step of maintaining a first system and a second system, 

19 said first system comprising a first database 

20 of account holders, said account holders being users of 

21 the quasi-public network and including a first group of 

22 account holders who are qualified as sellers and a second 

23 group of account holders who are not qualified as 

24 sellers, and 

25 said second system comprising a second database 

26 of said account holders including information associated 

27 with said second group of account holders including means 
26 by which payment can be made by said second group of 

29 account holders. 

30 16. The method of claim 15 further comprising the 

31 step of maintaining a firewall between said first system 

32 and said second system 
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The method of < 



between the first system and the second system is by 
batch processing. 

18. The method of claim 1 in which the transaction 
is for goods or services provided by the seller to the 

19. A method of operating a system that enables a 
seller and a buyer communicating over a quasi-public 
network to enter into a commercial transaction involving 
a payment of funds by the buyer for goods or services of 
value provided by the seller to the buyer, said method 
comprising the steps of: 

qualifying a first group of users of the quasi- 
public network as sellers; 

maintaining bankcard payment information for a 
second group of users of the quasi-public network, said 
bankcard payment information maintained on a storage 
medium in a secure portion of a computer system; 

maintaining listings of said first and second groups 
of users on a storage medium that is located in a portion 
of said computer system that has access to the quasi - 
public network, but that is isolated from the secure 
portion of the computer system; 

in response to a message over the quasi-public 
network from a user of the first group identifying a 
potential transaction with a user of the second group, 
sending a message over the quasi-public network to the 
identified user of the second group for confirmation; 

upon receipt of a message over the quasi-public 
network from the user of the second group confirming the 
transaction with the user of the first group, 
communicating bankcard information over secure channels 
to an agent of the user of the first group; 
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1 upon receipt of an authorization code from the agent 

2 via secure channels, cryptographically signing the 

3 authorization code; and 

4 sending the authorization code to the user of the 

5 first group via the quasi-public network. 

6 20. The method of claim 19 further comprising the 

a receiving authorization from said first group of 

9 users to act as said agent. 

10 21. The method of claim 20 further wherein said 

11 authorization code is generated by said system. 

12 22. A system for enabling commerce among users on a 

13 quasi-public computer network, comprising: 

14 means for sending and receiving messages to users on 

15 the quasi-public network; 

16 means for identifying users who are qualified as 

18 means for identifying messages received from users 

19 who are qualified as sellers; 

20 means for generating messages to users who are 

21 buyers identified in the messages received from the 

22 qualified sellers requesting confirmation of transactions 

23 between said users who are sellers and said users who are 

24 buyers; 

2 5 means for identifying messages from the buyers 

26 indicating confirmation of the transactions; 

27 means for isolating the sending and receiving of 

28 messages to and from users from financial information 

29 associated with said users who are buyers for settling 

30 financial transactions; 

31 means for sending financial information associated 

32 with buyers via secure channels to agents of sellers 

33 relative to confirmed transactions; 
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means for receiving authorization codes from the 
sellers' agents; 

means for cryptographically signing the 
authorization codes; and 

means for generating messages to the sellers 
including the cryptographically encoded authorization 

23. A method of operating a computer system to 
enable users of a quasi-public network to initiate a 
commercial transaction involving a payment of funds by 
one user of the quasi-public network to another user of 
the quasi-public network, the method comprising the steps 
of: 

maintaining a listing of users of the quasi-public 
network who are qualified to function as sellers; 

operating a computer system that is connected to the 
quasi-public network, said computer system having a means 
for sending and receiving messages from users of the 
quasi-public network; 

upon receipt of a message over the quasi-public 
network from a first user of the quasi-public network, 
said first user being qualified to function as a seller, 
sending a message over the quasi-public network to a 
second user of the quasi-public network, said second user 
being identified in the message from the first user, said 
message being sent to the second user including a request 
to confirm a transaction identified in the message 
received from the first user; 

upon receipt of a confirmation of the transaction 
from the second user, forwarding payment information of 
the second user to an agent of the first user; and 

upon receipt of an authorization code from the 
agent, encrypting the authorization code and sending the 
authorization code to the first user. 
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24. A payment system Cor use with the Internet 
comprising: 

qualifying a user as a seller; 

receiving a message via the Internet from the 
qualified seller regarding a transaction with a buyer 
that identifies at least an account identification of the 
buyer, said account identification maintained by the 

requesting confirmation of the transaction from the 
buyer by communicating a message to the buyer via the 
Internet; 

upon receiving confirmation from the buyer of the 
transaction from the buyer via the Internet; 

sending a message off the Internet to an agent of 
the seller, said message containing information relating 
to the transaction and payment information for the buyer; 

receiving confirmation of the transaction from the 
seller's agent; and 

communicating an authorization code to the seller. 



25. The method of claim 24 further comprising the 

obtaining authorization from said seller to act as 
an agent therefor. 

26. The method of claim 25 further comprising the 

confirming the transaction and payment information 
as seller's agent; and 

generating said confirmation as seller's agent. 

27. The method of claim 24 further comprising the 
step of cryptographically signing a message including the 
authorization code communicated to the seller. 
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